To be honest I'm not sure exactly who's deployed what at this point, although we have been tracking implementations of the protocol (see: http://trac.tools.ietf.org/wg/trans/trac/wiki).
But this is very different from what Amazon is doing. They're basically creating an additional certification authority (nit: Bishop's article calls it a "certificate authority"; it's actually "certification authority"). What CT does is provide an auditing mechanism to detect bogus certificates in the wild and is a response to known compromises and operational errors at CAs, broadly known as "misissuance." "Misissuance" includes things like CAs issuing certificates for a domain to another party without the domain's knowledge (for example, if I trick someone into issuing me a certificate for microsoft.com, or a rogue or compromised CA issues one).

The Amazon move is probably interesting from a business perspective but probably not particularly from a technical one. The IETF is ramping up an effort to automate certificate management and issuance and there's a parallel implementation project out of Mozilla, and you might find that interesting (and possibly relevant). With the push to deploy HTTPS everywhere, certificates really need to be a lot easier to manage. It seems possible that Amazon is getting into the CA business for similar reasons - growth in the certificate business from the drive towards ubiquitous HTTPS.

Melinda

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
